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SYSTEM FOR ENHANCING THE TRANSMISSION SECURITY 
OF THE E-MAILS IN THE INTERNET NETWORK 



Technical field of the invention 

The present invention relates to the security in the 
5 transmission of the e-mails - over an unsecured data 
transmission network and in particular relates to a system for 
enhancing the transmission security of the e-mails in the 
Internet network. 

Background art 

10 Today, the use of e-mails is widely spread. When the sender 
forwards an e-mail to a recipient, the action is immediate and 
unless a problem is encountered between ' the sender server and 
the recipient server, the e-mail is delivered in the recipient 
mailbox without any control on the way taken by the forwarded 

15 message in terms of network infrastructure. 

Most countries have specific legal protections that prevent 
authorities and individuals from opening and reading the paper 
mail. Unfortunately, few countries have provided the same 
protections for the electronic mail, which gives individuals, 

20 companies and authorities a legal room to read the e-mails. 
Thus, the e-mails can be read at any of the routers along the 
path taken by the e-mail to reach its destination over the 
Internet. However, due to the growth of commercial and private 
contracts materialized by the electronic mail, it becomes 

25 crucial to be able to guarantee privacy of such exchanges. 



To prevent attacks of e-mails, the usage of encryption 
algorithms either symmetric or asymmetric to secure the e-mail 
exchange over the Internet is widely spread. Thus, in the key 
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encryption, there ±s a private key kept private for the owner, 
which is used to sign the data whereas a public key which can 
be known of many people is used for decrypting the message. To 
improve the security, such keys have a minimum of 4 0 bits but 
5 are longer and longer. For example, the symmetric algorithm 
Data Encryption Standard specifies 56-bit keys in some 
countries and 12 8-bit keys in other ones like the USA. 
Therefore, there is no doubt that such a continuous growth of 
the key length is not a solution for the security problem. 

10 Summary of the invention 

Accordingly, the object of the invention is to provide a 
system and to achiieve a method which can be adapted to any 
kind of e-mail being transmitted over the Internet network 
without requiring the use of sophisticated algorithms and/or 
15 more and more long- encryption keys. 

The invention therefore relates to a system for enhancing the 
security of the e-mails transmitted from a sender to a 
receiver over a data transmission network such as Internet 
wherein a Message Transfer Agent (MTA) associated with the 

20 sender is in charge of transmitting over the network an 
original e-mail sent by the sender. The MTA associated with 
the sender includes a message splitting means adapted to 
divide the original e-mail into a plurality of chunks 
according to a predetermined algorithm and a predetermined 

25 list of relay MTAs to which are forwarded the plurality of 
chunks. The system comprises a chunk assembly agent for 
receiving from the relay MTAs the plurality of chunks and 
re-assembling them by using the predetermined algorithm in 
order to re-build the e-mail before sending it to the receiver 
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Brief description of the drawings 

The above and other objects, features and advantages of the 
invention will be better understood by reading the following 
more particular description of the invention in conjunction 
5 with the accompanying drawings wherein: 

■Fig. 1 is a schematic representation of a system according 
to the invention wherein an e-mail is divided into three 
chunks using three different paths over Internet; and 
■Fig* 2 is a diagram representing the original e-mail divided 
10 into five chunks distributed among three different e-mails. 

Detailed description of the invention 

In reference to FIG.l, in the system according to the 
invention, it is assumed that a sender 10 wants to send an 
15 e-mail to a receiver 12 over the public data transmission 
network, that is Internet, represented inside the dotted lines 
in the figure. 

The e-mail MSG sent by the sender 10 can be encrypted by the 
public key of the receiver 12 even though this is not 
20 mandatory. The e-mail MSG preferably encrypted is then 
provided for transmission to the associated Message Transfer 
Agent (MTA) 14 after adding a mail header such as the e-mail 
COMPLETE MSG to be forwarded is as follows: 

To : receiver @dest . domain 
25 From : sender 

Subject : secure mail 
ENCRYPTED TEXT 

wherein receiver@dest .domain is the address of the receiver 
mailbox. It must be noted that this address is in clear 
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insofar as the sender MTA 14 is a secure zone that can be the 
Intranet network of a company or the client device of a 
standalone user. 

The sender MTA 14 includes two essential means according to 
5 the invention : a message splitter agent 16 and a list of 
relay MTAs 18. The message splitter agent 16 is in charge of 
dividing the received e-mail COMPLETE MSG into a plurality of 
chunks and to encrypt each chunk with its mail header toy using 
the public key of a specific mailbox having the address 
10 highlysecure@dest.dom. Each new e-mail MSG CHUNK is as 
follows : 

To : receiver @dest . domain 
From : sender 
Subject : secure mail 
15 Chunk : n 

Chunk count : N 

A same MAIL HEADER is added to each encrypted chunk before 
sending it over the Internet network. This MAIL HEADER is as 
follows : 

20 To highlysecure@dest .domain 
From : Confidential 
Subject : xxx 

By using its list of relay MTAs 18, the sender MTA 14 forwards 
each encrypted chunk with its header to a different relay MTA. 
25 Thus, in the example illustrated in FIG.l, the e-mail is 
divided into three e-mails forwarded to the relay MTAs 20, 22 
and 24. Thus, sending a. plurality of chunks to respectively a 
plurality of MTAs ensures a different pathway for each chunk 
while they transit over- the unsecured public network. It must 
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be noted that such a division into chunks can depend on the 
security level required by the sender. 

Since all the chunk e-mails have the same destination address 
highlysecure@dest . domain, they are received by a single 
5 deliver MTA 26 associated with this address. Then, the deliver 
MTA sends the received chunk e-mails to the mailbox 
corresponding to the address highlysecure@dest . domain which is 
a chunk assembly agent 28. By using its private key, the chunk 
assembly agent 2 8 decrypts each received e-mail and can 

10 re-assemble the plurality of received chunks by using the same 
algorithm which has been used by the message splitter agent to 
divide the original e-mail into a plurality of chunks, the 
chunk number n Included in the header being used to 
concatenate the chunks in the right order even if they have 

15 been received in a different order. 

Finally, the original message COMPLETE MSG which has been 
obtained after re-assembling the chunks in the chunk assembly 
agent 28, is forwarded to the mailbox of the receiver 12 by 
the deliver MTA 26. 

20 The scrambling algorithm used to divide the original e-mail 
into a plurality of chunks may be any kind of algorithm. But 
as mentioned above, it is essential that the chunk assembly 
agent uses the same algorithm to re-assemble the e-mail as the 
one used by the message splitter agent to divide the e-mail 

25 into chunks . 

For instance, it can be assumed that each chunk is composed of 
the same number of n bytes. Assuming that there are m relay 
MTAs, the original e-mail could be divided in the following 
way: 

30 Bytes from 1 to n in chunk #1 for the first relay MTA 

Bytes from n+1 to 2n in chunk #2 for the second relay MTA 



WO 2005/053262 



PCT/EP2004/052907 



6 

Bytes from 2n+l to 3n in chunk #3 for the third relay MTA 



Bytes from mn+1 to (m+l)n in chunk #m+l for the m th relay MTA 
Bytes from (m+l)n+l to (m+2 ) n in chunk #m+2 for the first 
relay MTA 

Bytes from (m+2 ) n+1 to (m+3) n in chunk #m+3 for the second 
relay MTA 



According to another more secure embodiment, the original 
e-mail may be divided at the character level. A possible 
algorithm consists in taking sequentially each character and 
put it in a chunk the number of which is defined by the 
following formula used with X chunks: 

Chunk # =1 + <order number of the character> modulo X 

Assuming that the message is "DIVIDE THE MESSAGE" and that the 
characters are put into 5 chunks, the chunks are the 
following : 

Chunk 1 DE A 

Chunk 2 I MG 

Chunk 3 VTEE 

Chunk 4 IHS 

Chunk 5 DES 

Then, the chunks could be distributed randomly into the 
different e-mails forwarded to the relay MTAs . 

Thus, assuming that there are three relay MTAs as described in 
FIG.l, the original e-mail could be divided into 5 chunks as 
illustrated in FIG. 2. In such a case, chunk #1 and chunk #4 
are included in the e-mail forwarded to relay MTA 20, chunk #2 
and chunk #5 are included in the e-mail forwarded to relay MTA 
22 and chunk #3 is forwarded to relay MTA 24. It must be noted 
that each chunk is preceded, in each e-mail, by the chunk 
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number in order for the chunk assembly agent 2 8 to be able to 
re-assemble correctly the original e-mail even though the 
partial e-mails are not received in the right order. 
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CLAIMS 

1. System for enhancing the security of the e-mails transmitted 
from a sender (10) to a receiver (12) over a data 
transmission network such as Internet wherein a Message 
5 Transfer Agent (MTA) (14) associated with said sender is in 

charge of transmitting over said network an original e-mail 
sent by said sender; 

said system being characterized 

in that said MTA associated with said sender includes a 
10 message splitting means (16) adapted to divide said original 

e-mail into a plurality of chunks according to a 
predetermined algorithm and a predetermined list of relay 
MTAs (20, 22, 24) to which are forwarded said plurality of 
chunks; and 

15 in that it comprises a chunk assembly agent (28) for 

receiving from said relay MTAs the plurality of chunks and 
re-assembling them by using said predetermined algorithm in 
order to re-build said e-mail before sending it to said 
receiver . 

20 2. The system according to claim 1, wherein each of said 
plurality of chunks is transmitted as a chunk e-mail having 
a destination address which is the address of said chunk 
assembly agent (28) . 

25 3. The system according to claim 2, wherein each of said 
plurality of chunks is encrypted by using the public key of 
said chunk assembly agent (28) before being transmitted over 
said network. 
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4 . Method for enhancing the security of the e-mails transmitted 
from a sender (10) to a receiver (12) over a data 
transmission network sucla as Internet wherein a Message 
Transfer Agent (MTA) (14) associated with said sender is in 
charge of transmitting an original e-mail sent by said 
sender; 

said method being characterized in that it consists in 
using an algorithm for dividing said original e-mail into a 
plurality of chunks, and sending these chunks as e-mails to 
different relay MTAs (20, 22, 24) defined in a predetermined 
list of relay MTAs, re-assembling by a chunk assembly agent 
said chunks in order to re-build said original e-mail by 
using said predetermined algorithm, before sending said 
original e-mail to said receiver. 

5. The method according to claim 4, wherein each chunk is 
transmitted over said network in a chunk e-mail having a 
destination address which is the address of said chunk 
assembly agent. 

6. The method according to claim 4, wherein each chunk is 
encrypted by using the public key of said chunk assembly 
agent before being transmitted, said encrypted chunk e-mail 
being decrypted when received by said chunk assembly agent 
using its private key. 

7. The method according to claim 6, wherein the text of said 
original e-mail is encrypted by using the public key of said 
receiver before being divided into a plurality of chunks. 
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